Cybersecurity Needs GDPR
Data breaches. Cyber-attacks. Malware. You hear these words every day. Every company and every person is a target. The amount of sensitive data we store online is huge. While some companies practice good cybersecurity hygiene, a lot of other companies and people barely meet the minimum requirements. These failures in cyber hygiene have led to the introduction of the GDPR, an effort of the European Union to hold businesses accountable for cybersecurity.
The GDPR works to establish a legal framework to hold everyone to a high standard in regards to security and privacy. The GDPR hopes to eradicate data breaches through a list of rules and regulations all participators must follow.
GDPR is in effect on May 25, 2018. It requires all companies to store data securely. In addition to this, companies must disclose data breaches to all consumers. GDPR also works to give customers their rights back. The rights protected under GDPR include the right to:
- be aware of data usage.
- access data.
- erase data.
- the ability to consent to giving up data.
- the information to make data related decisions.
These rights are ensured as long as companies are compliant.
Global Impact of GDPR.
GDPR affects more than just Europe. For example, all companies that retain or manage EU citizen data must comply. All companies that hold EU personal data, regardless of the nation of origin, must disclose breaches. Failure to comply with these rules will result in a fine of up to 4% global turn over (2 Million pounds). These fines may seem severe, but they help businesses understand their data more. A lot of businesses are need to be more aware of what data they collect, how they use it, and how long they secure it. Complying with these rules creates much needed trust between customers, employees, and businesses.
How companies secure data.
GDPR does not have a process set in place to secure data. But there are some basic rules of thumbs to go by.
- Encrypt: Data encryption makes your information unreadable to unauthorized parties. It is the first and most important step in data protection.
- Opt-in: People need to consent to their data being used, stored, and collected.
- Direct Collection: Data may be collected only from the data subjects themselves.
- Data Storage Length: Do not keep data for too long.
- Data Cutback: As little data as possible.
- Purpose Driven: Use data when needed. Do not blindly collect large amounts of data. Also, give people the power to decide when data is necessary.
- Transparency: People must know everything about their information use. For example, a customer should know when their info is being used.
The cyber world is long overdue for some accountability. The GDPR will have large implications throughout the world. The system is still in it’s infancy, after all. But as long as companies are willing to follow these rules, we can all start working towards data safety.
Tags: Breach, business, Companies, Cyber Attacks, Cyber criminals, Cyber law, Cybersecurity, Cybersecurity Practices, data breach, Data Encryption, Data Storage, GDPR, Information, Security, Systems, Technology